If you discover a security vulnerability in this project, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please use GitHub Private Vulnerability Reporting to submit your report.

• A description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested fixes (optional)

• Acknowledgment — within 48 hours
• Initial assessment — within 1 week
• Fix or mitigation — depends on severity, but we aim for 30 days for critical issues

Thank you for helping keep this project and its users safe.